When it comes to protecting your systems, your client data, your reputation and your users, the need to focus on “all things best practice” around IT security cannot be overstated. Whilst your IT partner can offer all sorts of practical advice, guidance and solutions, each business needs to take responsibility for what it can and should do to minimise and mitigate risk. Here are some of our favourites:
- Create strong password policies: Whilst an old chestnut, with regular coverage across all media, reliance on weak password policies is still a significant issue in many organisations. A strong password policy, automatically enforced by the IT system and requiring mixed characters, special characters and forced changes on a regular basis, is a crucial foundation of any security policy.
- Back up your data at a regular frequency: Organisations are increasingly reliant on their IT systems and the integrity of their data, to the point that they cannot countenance any data loss at all. You need to ensure that your backup strategy supports your actual business need. If you were to suffer an incident at the end of the day and have to revert to the prior day’s backup, and the cost of that day of lost data is unacceptable, explore solutions which provide more regular and more frequent backups, even real-time backups if appropriate.
- Install effective antivirus software and ensure it is kept updated: Having an AV solution that performs as it needs to, protecting you from many threats, is not an optional investment; it is obligatory. A virus infection can cause horrendous business disruption, and prevention is always better than cure. You need to ensure not only that the virus signature files are constantly updated but also that the core software application is updated on a regular basis. The optimum combination for protection is typically the latest software together with the latest signature files.
- Make sure your people know what they should and shouldn’t do: Whilst technology solutions can provide excellent defences against threats, they can be rendered ineffective if users don’t follow best practice. Train your users so that they are aware of cyber-threats and don’t, for instance, click a malicious link or download fraudulent software. Employees should understand the dangers of visiting harmful websites, leaving their devices unattended and oversharing personal information on social media. You should have robust policies in place, and all staff should confirm that they have read and understood them.
- Install content filtering: There is a wide array of content filtering tools available (e.g. email, web and network based). The best blend of filtering to deploy will depend on the type of organisation and the degree of protection required, but once installed it enhances protection against, for instance, inappropriate websites being accessed or inappropriate email content being received.
- Use multi-factor authentication: Multi-factor authentication adds a layer of security that allows companies to protect against compromised credentials. With this method, users must confirm their identity by providing extra information (e.g. a phone number or a unique security code) when attempting to access corporate applications, networks and servers.
- Patch systems regularly and keep them updated: A common way cyber-criminals gain entry into your systems is by exploiting software vulnerabilities. To prevent this, it’s critical that you update applications, operating systems, security software and firmware on a regular basis.
- Create an incident response plan: Having a plan for how to respond in the event of a cyber breach could save a lot of aggravation down the track, and it should form part of wider planning for IT-related business disruption. A structured approach to notifying partners and, importantly, clients quickly and efficiently should limit both financial and reputational damage.